CVE-2022-49732
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-49732
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49732.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-49732
- Downstream
- Related
- Published
- 2025-02-26T14:57:24Z
- Modified
- 2025-10-21T11:01:23.767055Z
- Summary
- sock: redo the psock vs ULP protection check
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
sock: redo the psock vs ULP protection check
Commit 8a59f9d1e3d4 ("sock: Introduce sk->skprot->psockupdateskprot()") has moved the inetcskhasulp(sk) check from skpsockinit() to the new tcpbpfupdateproto() function. I'm guessing that this was done to allow creating psocks for non-inet sockets.
Unfortunately the destruction path for psock includes the ULP unwind, so we need to fail the skpsockinit() itself. Otherwise if ULP is already present we'll notice that later, and call tcpupdateulp() with the sk_proto of the ULP itself, which will most likely result in the ULP looping its callbacks.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8a59f9d1e3d4340659fdfee8879dc09a6f2546e1Fixed72fa0f65b56605b8a9ae9fba2082f2123f7fe017
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8a59f9d1e3d4340659fdfee8879dc09a6f2546e1Fixed922309e50befb0cfa5cb65e4989b7706d6578846
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8a59f9d1e3d4340659fdfee8879dc09a6f2546e1Fixede34a07c0ae3906f97eb18df50902e2a01c1015b6
Affected versions
v5.*
v5.12
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.47
v5.15.48
v5.15.49
v5.15.5
v5.15.50
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.18.1
v5.18.2
v5.18.3
v5.18.4
v5.18.5
v5.18.6
v5.18.7
v5.19-rc1
v5.19-rc2
Database specific
vanir_signatures
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e34a07c0ae3906f97eb18df50902e2a01c1015b6",
"id": "CVE-2022-49732-06b7d714",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/tls/tls_main.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"204967942800165610225600045518313640691",
"5718583471209326400191767288047737761",
"48731480091053755715992009124491763818"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@72fa0f65b56605b8a9ae9fba2082f2123f7fe017",
"id": "CVE-2022-49732-15e57299",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "tls_update",
"file": "net/tls/tls_main.c"
},
"digest": {
"length": 307.0,
"function_hash": "183981327339320958223317651212509257813"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@72fa0f65b56605b8a9ae9fba2082f2123f7fe017",
"id": "CVE-2022-49732-31d5c7dd",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/tls/tls_main.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"204967942800165610225600045518313640691",
"5718583471209326400191767288047737761",
"48731480091053755715992009124491763818"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@72fa0f65b56605b8a9ae9fba2082f2123f7fe017",
"id": "CVE-2022-49732-40b1f9ee",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "sk_psock_init",
"file": "net/core/skmsg.c"
},
"digest": {
"length": 1007.0,
"function_hash": "210131477117632649025409644050967847307"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@922309e50befb0cfa5cb65e4989b7706d6578846",
"id": "CVE-2022-49732-45926001",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/tls/tls_main.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"204967942800165610225600045518313640691",
"5718583471209326400191767288047737761",
"48731480091053755715992009124491763818"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@72fa0f65b56605b8a9ae9fba2082f2123f7fe017",
"id": "CVE-2022-49732-54e77dc7",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/ipv4/tcp_bpf.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"303693366656287058348276705193601758755",
"127927334395071044537320397584042908519",
"333209735094059146255424820291836568737",
"35141077393023513472700206575423150200",
"215586867152275268292354258398346386051"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e34a07c0ae3906f97eb18df50902e2a01c1015b6",
"id": "CVE-2022-49732-5b577591",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "tcp_bpf_update_proto",
"file": "net/ipv4/tcp_bpf.c"
},
"digest": {
"length": 906.0,
"function_hash": "158785150269524310989118206750430503629"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@72fa0f65b56605b8a9ae9fba2082f2123f7fe017",
"id": "CVE-2022-49732-5da00500",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "include/net/inet_sock.h"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"120228592740775661716111113449019436724",
"334133809656320233533122446185012554616",
"256031088297906638643204505796390978831"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e34a07c0ae3906f97eb18df50902e2a01c1015b6",
"id": "CVE-2022-49732-6265c176",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "sk_psock_init",
"file": "net/core/skmsg.c"
},
"digest": {
"length": 1007.0,
"function_hash": "210131477117632649025409644050967847307"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e34a07c0ae3906f97eb18df50902e2a01c1015b6",
"id": "CVE-2022-49732-6930cee5",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/ipv4/tcp_bpf.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"303693366656287058348276705193601758755",
"127927334395071044537320397584042908519",
"333209735094059146255424820291836568737",
"35141077393023513472700206575423150200",
"215586867152275268292354258398346386051"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e34a07c0ae3906f97eb18df50902e2a01c1015b6",
"id": "CVE-2022-49732-69a1440f",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "include/net/inet_sock.h"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"120228592740775661716111113449019436724",
"334133809656320233533122446185012554616",
"256031088297906638643204505796390978831"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e34a07c0ae3906f97eb18df50902e2a01c1015b6",
"id": "CVE-2022-49732-7a76fc37",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "tls_update",
"file": "net/tls/tls_main.c"
},
"digest": {
"length": 307.0,
"function_hash": "183981327339320958223317651212509257813"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@72fa0f65b56605b8a9ae9fba2082f2123f7fe017",
"id": "CVE-2022-49732-7ea47c3b",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/core/skmsg.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"337927641938455250128093497952855654520",
"142180372755963362566553437032723855375",
"214246969721290256085733390014071747825"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@922309e50befb0cfa5cb65e4989b7706d6578846",
"id": "CVE-2022-49732-97c98865",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "tls_update",
"file": "net/tls/tls_main.c"
},
"digest": {
"length": 307.0,
"function_hash": "183981327339320958223317651212509257813"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@922309e50befb0cfa5cb65e4989b7706d6578846",
"id": "CVE-2022-49732-b20336fc",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/ipv4/tcp_bpf.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"303693366656287058348276705193601758755",
"127927334395071044537320397584042908519",
"333209735094059146255424820291836568737",
"35141077393023513472700206575423150200",
"215586867152275268292354258398346386051"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@922309e50befb0cfa5cb65e4989b7706d6578846",
"id": "CVE-2022-49732-c9468373",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "sk_psock_init",
"file": "net/core/skmsg.c"
},
"digest": {
"length": 1007.0,
"function_hash": "210131477117632649025409644050967847307"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@922309e50befb0cfa5cb65e4989b7706d6578846",
"id": "CVE-2022-49732-e0b82cb2",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "tcp_bpf_update_proto",
"file": "net/ipv4/tcp_bpf.c"
},
"digest": {
"length": 906.0,
"function_hash": "158785150269524310989118206750430503629"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@922309e50befb0cfa5cb65e4989b7706d6578846",
"id": "CVE-2022-49732-e176a539",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/core/skmsg.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"337927641938455250128093497952855654520",
"142180372755963362566553437032723855375",
"214246969721290256085733390014071747825"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@922309e50befb0cfa5cb65e4989b7706d6578846",
"id": "CVE-2022-49732-e6435b2e",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "include/net/inet_sock.h"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"120228592740775661716111113449019436724",
"334133809656320233533122446185012554616",
"256031088297906638643204505796390978831"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@72fa0f65b56605b8a9ae9fba2082f2123f7fe017",
"id": "CVE-2022-49732-edd0d6fd",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "tcp_bpf_update_proto",
"file": "net/ipv4/tcp_bpf.c"
},
"digest": {
"length": 906.0,
"function_hash": "158785150269524310989118206750430503629"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e34a07c0ae3906f97eb18df50902e2a01c1015b6",
"id": "CVE-2022-49732-f2596220",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/core/skmsg.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"337927641938455250128093497952855654520",
"142180372755963362566553437032723855375",
"214246969721290256085733390014071747825"
]
},
"signature_type": "Line"
}
]